Looking back on this answer today, I realise that advising people to set curl_ssl_verifypeer to false is not a very good answer (at this point you can no longer be sure you're talking to Twitter, so in fact it's a terrible answer). Instead, take the other advice I gave and ensure the appropriate Root CA Certificate file (cacert.pem) is in place.

However, looking at the source code, reveals two things. First your code should be just as good as that, because $this->response['code'] is set to the value that gets returned. Second that that function (actually curlit()) can also return void. When it does that response['code'] is undefined. (This was looking like a promising twitter library until I saw that design mistake.)

Probing even further, it would only return void when $this->config['prevent_request'] exists and is true. You're not doing that, and we've gone full circle to not being able to explain the behaviour you see.

So, my next troubleshooting step would be to put error_reporting(E_ALL|E_NOTICE) at the top, and then check the error logs for more clues. Also do a print_r($connection->response) after your call to request() to see what else you have in there.

Version 0.60 hardened the security of the library and defaulted curl_ssl_verifypeer to true. As some hosting providers do not provide the most current certificate root file it is now included in TMH's repository. If the version is out of date OR you prefer to download the certificate roots yourself, you can get them from: http://curl.haxx.se/ca/cacert.pem

Before upgrading the version of tmhOAuth that you use, be sure to verify the SSL handling works on your server by running the examples/verify_ssl.php script.